Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with something affecting IE


  • This topic is locked This topic is locked
14 replies to this topic

#1 newport kirby

newport kirby

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 06 December 2009 - 11:07 PM

When we attempt to browse using Google we are directed to web sites and cannot use the browser without typing the URL address directly into the address bar. I have free AVG and installed Spybot but neither has helped. You were recommended to me by my IT director at my office.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Tamra at 19:55:29.86 on Sun 12/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.104 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tamra\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241738732692
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {53D1217A-D74C-46FC-A22D-D9E94109AB99} = 192.168.1.3
TCP: {66E7E510-C2CF-4307-906F-D20F881CC88F} = 192.168.1.1
Filter: text/html - {dcbc43a5-b766-4ca1-b2cb-88c854f6b51c} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-7 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-7 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-4 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-7 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-14 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-12-8 57344]

=============== Created Last 30 ================

2009-12-07 00:47:42 0 d-----w- c:\program files\Trend Micro
2009-11-30 02:55:46 2 ----a-w- c:\windows\msoffice.ini
2009-11-29 22:26:46 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 22:26:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-28 18:47:04 0 d-----w- c:\windows\pss
2009-11-28 17:18:17 0 ----a-w- c:\documents and settings\tamra\Ÿ;Ÿ;
2009-11-11 16:35:33 3247 ----a-w- c:\windows\system32\wbem\Outlook_01ca62ecfd2c22d4.mof

==================== Find3M ====================

2009-12-04 17:59:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-04 17:59:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 23:53:44 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-09-25 05:37:11 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll

============= FINISH: 19:58:03.29 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2009 4:23:28 PM
System Uptime: 11/29/2009 8:30:09 PM (167 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 42.988 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
H: is NetworkDisk (NTFS) - 297 GiB total, 229.108 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP171: 9/8/2009 2:05:27 PM - System Checkpoint
RP172: 9/9/2009 3:05:30 PM - System Checkpoint
RP173: 9/10/2009 3:00:30 AM - Software Distribution Service 3.0
RP174: 9/11/2009 12:24:57 AM - Software Distribution Service 3.0
RP175: 9/12/2009 3:00:36 AM - System Checkpoint
RP176: 9/13/2009 5:18:20 AM - System Checkpoint
RP177: 9/14/2009 6:18:22 AM - System Checkpoint
RP178: 9/14/2009 11:33:40 PM - Software Distribution Service 3.0
RP179: 9/16/2009 12:18:01 AM - System Checkpoint
RP180: 9/17/2009 1:18:07 AM - System Checkpoint
RP181: 9/17/2009 1:37:53 PM - Software Distribution Service 3.0
RP182: 9/18/2009 2:18:08 PM - System Checkpoint
RP183: 9/19/2009 3:18:09 PM - System Checkpoint
RP184: 9/20/2009 7:16:24 PM - System Checkpoint
RP185: 9/21/2009 6:16:56 PM - Software Distribution Service 3.0
RP186: 9/22/2009 6:17:58 PM - System Checkpoint
RP187: 9/23/2009 6:33:25 PM - System Checkpoint
RP188: 9/24/2009 11:20:50 AM - Software Distribution Service 3.0
RP189: 9/25/2009 12:17:50 PM - System Checkpoint
RP190: 9/26/2009 12:23:03 PM - System Checkpoint
RP191: 9/27/2009 1:18:09 PM - System Checkpoint
RP192: 9/28/2009 2:17:44 PM - System Checkpoint
RP193: 9/28/2009 2:25:16 PM - Software Distribution Service 3.0
RP194: 9/29/2009 2:37:18 PM - System Checkpoint
RP195: 9/30/2009 3:01:22 PM - System Checkpoint
RP196: 10/1/2009 3:34:45 PM - System Checkpoint
RP197: 10/2/2009 2:59:53 PM - Software Distribution Service 3.0
RP198: 10/3/2009 4:04:33 PM - System Checkpoint
RP199: 10/4/2009 9:30:20 AM - Avg8 Update
RP200: 10/4/2009 9:31:22 AM - Avg8 Update
RP201: 10/5/2009 9:55:24 AM - System Checkpoint
RP202: 10/5/2009 10:37:12 PM - Software Distribution Service 3.0
RP203: 10/6/2009 10:55:19 PM - System Checkpoint
RP204: 10/7/2009 9:02:13 AM - Avg8 Update
RP205: 10/8/2009 8:14:07 AM - Software Distribution Service 3.0
RP206: 10/9/2009 8:55:13 AM - System Checkpoint
RP207: 10/10/2009 9:55:13 AM - System Checkpoint
RP208: 10/11/2009 10:55:11 AM - System Checkpoint
RP209: 10/12/2009 11:55:11 AM - System Checkpoint
RP210: 10/12/2009 2:10:43 PM - Software Distribution Service 3.0
RP211: 10/13/2009 3:00:25 AM - Software Distribution Service 3.0
RP212: 10/14/2009 3:55:08 AM - System Checkpoint
RP213: 10/15/2009 3:00:45 AM - Software Distribution Service 3.0
RP214: 10/15/2009 9:38:17 PM - Software Distribution Service 3.0
RP215: 10/16/2009 10:25:37 PM - System Checkpoint
RP216: 10/17/2009 9:12:52 AM - Avg8 Update
RP217: 10/18/2009 3:00:33 AM - Software Distribution Service 3.0
RP218: 10/19/2009 3:00:37 AM - Software Distribution Service 3.0
RP219: 10/19/2009 7:59:10 AM - Software Distribution Service 3.0
RP220: 10/20/2009 8:51:51 AM - System Checkpoint
RP221: 10/21/2009 9:12:40 AM - Avg8 Update
RP222: 10/22/2009 9:37:07 AM - System Checkpoint
RP223: 10/22/2009 1:56:10 PM - Software Distribution Service 3.0
RP224: 10/23/2009 3:24:18 PM - System Checkpoint
RP225: 10/24/2009 4:25:57 PM - System Checkpoint
RP226: 10/25/2009 4:27:48 PM - System Checkpoint
RP227: 10/26/2009 4:47:42 PM - System Checkpoint
RP228: 10/26/2009 8:31:41 PM - Software Distribution Service 3.0
RP229: 10/27/2009 7:05:26 PM - Installed Windows Media Format Runtime
RP230: 10/28/2009 9:45:32 PM - System Checkpoint
RP231: 10/29/2009 11:22:13 PM - System Checkpoint
RP232: 10/30/2009 2:15:03 AM - Software Distribution Service 3.0
RP233: 10/31/2009 2:36:32 AM - System Checkpoint
RP234: 11/1/2009 3:36:33 AM - System Checkpoint
RP235: 11/2/2009 4:36:26 AM - System Checkpoint
RP236: 11/3/2009 3:00:44 AM - Software Distribution Service 3.0
RP237: 11/3/2009 9:13:59 AM - Avg8 Update
RP238: 11/4/2009 4:00:21 AM - Software Distribution Service 3.0
RP239: 11/5/2009 4:10:16 AM - System Checkpoint
RP240: 11/6/2009 4:58:08 AM - System Checkpoint
RP241: 11/6/2009 9:23:45 AM - Avg8 Update
RP242: 11/7/2009 2:49:43 AM - Software Distribution Service 3.0
RP243: 11/8/2009 2:22:09 AM - System Checkpoint
RP244: 11/9/2009 2:35:07 AM - System Checkpoint
RP245: 11/9/2009 5:55:34 PM - Software Distribution Service 3.0
RP246: 11/10/2009 6:22:04 PM - System Checkpoint
RP247: 11/11/2009 3:00:40 AM - Software Distribution Service 3.0
RP248: 11/12/2009 3:19:38 AM - System Checkpoint
RP249: 11/12/2009 9:18:14 PM - Software Distribution Service 3.0
RP250: 11/13/2009 10:19:27 PM - System Checkpoint
RP251: 11/14/2009 10:31:27 PM - System Checkpoint
RP252: 11/15/2009 10:39:58 PM - System Checkpoint
RP253: 11/16/2009 6:51:49 AM - Software Distribution Service 3.0
RP254: 11/17/2009 8:55:22 AM - System Checkpoint
RP255: 11/18/2009 9:19:14 AM - System Checkpoint
RP256: 11/19/2009 9:55:10 AM - System Checkpoint
RP257: 11/19/2009 2:29:09 PM - Software Distribution Service 3.0
RP258: 11/20/2009 2:43:11 PM - System Checkpoint
RP259: 11/21/2009 3:10:45 PM - System Checkpoint
RP260: 11/22/2009 3:32:03 PM - System Checkpoint
RP261: 11/23/2009 4:31:00 PM - System Checkpoint
RP262: 11/23/2009 5:34:04 PM - Software Distribution Service 3.0
RP263: 11/24/2009 6:31:59 PM - System Checkpoint
RP264: 11/25/2009 3:00:22 AM - Software Distribution Service 3.0
RP265: 11/25/2009 9:55:48 AM - Avg8 Update
RP266: 11/26/2009 11:17:25 AM - System Checkpoint
RP267: 11/27/2009 1:47:18 AM - Software Distribution Service 3.0
RP268: 11/28/2009 2:18:21 AM - System Checkpoint
RP269: 11/29/2009 2:26:21 AM - System Checkpoint
RP270: 11/29/2009 8:24:57 PM - Restore Operation
RP271: 11/29/2009 8:32:56 PM - Restore Operation
RP272: 11/30/2009 12:22:49 PM - Software Distribution Service 3.0
RP273: 12/1/2009 3:00:28 AM - Software Distribution Service 3.0
RP274: 12/2/2009 3:36:17 AM - System Checkpoint
RP275: 12/3/2009 4:36:08 AM - System Checkpoint
RP276: 12/3/2009 5:28:58 PM - Software Distribution Service 3.0
RP277: 12/4/2009 5:37:15 PM - System Checkpoint
RP278: 12/5/2009 6:36:09 PM - System Checkpoint
RP279: 12/6/2009 7:01:42 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
924PLC32
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AIM 6
AIO_Scan
AOLIcon
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Bonjour
BufferChm
C8100
C8100_Help
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
Copy
Dell Driver Reset Tool
Dell System Restore
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Content Portal
DocProc
DocProcQFolder
eSupportQFolder
Fax
GPBaseService
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Solution Center 10.0
HP Update
HPProductAssistant
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PowerDVD 5.5
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickTime
RealPlayer Basic
RoxioShim
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB 2.0 Wireless LAN Card Utility
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

11/29/2009 7:03:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/29/2009 7:03:20 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/29/2009 7:03:19 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/29/2009 3:55:24 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
11/29/2009 11:48:16 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/29/2009 11:46:52 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/29/2009 11:46:52 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 07 December 2009 - 08:29 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 newport kirby

newport kirby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 07 December 2009 - 04:15 PM

Sam:

Thank you in advance for your assistance with helping me with my computer issues. Pursuant to your last post please find two OTL reports and the GMER download.

OTL logfile created on: 12/7/2009 8:33:27 AM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Tamra\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 81.91 Mb Available Physical Memory | 16.32% Memory free
1.20 Gb Paging File | 0.41 Gb Available in Paging File | 34.02% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 43.14 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Tamra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/07 08:30:33 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe
PRC - [2009/11/25 09:55:12 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/28 08:23:06 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:23:05 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 08:22:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/28 08:22:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/22 20:23:38 | 00,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/18 21:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 09:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/02 19:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/11/02 17:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/26 13:28:10 | 01,544,992 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2007/10/26 13:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/10/19 19:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 19:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/12/08 13:11:06 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/07/19 21:10:06 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/07/19 21:06:12 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/06/10 08:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/06/10 08:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/02/23 14:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/05 23:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/10/04 12:50:20 | 00,917,611 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2004/10/04 12:10:16 | 00,327,769 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2003/09/03 18:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe


========== Modules (SafeList) ==========

MOD - [2009/12/07 08:30:33 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 08:22:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 08:22:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/16 18:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/01/16 18:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/26 13:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/10/04 12:12:50 | 00,057,344 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2004/07/14 23:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\S-1-5-21-2042069852-704526321-2522811070-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\S-1-5-21-2042069852-704526321-2522811070-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: (358509 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12308 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241738732692 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454897414799360)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/07 08:27:28 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe
[2009/12/06 19:32:27 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tamra\Desktop\RootRepeal.exe
[2009/12/06 16:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/29 14:26:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/29 14:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/28 10:47:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/07 08:30:33 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe
[2009/12/07 08:19:39 | 46,309,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/07 08:19:39 | 00,112,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/07 08:07:38 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/07 08:06:14 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/12/07 08:04:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/07 08:04:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/07 08:04:10 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/06 19:33:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\settings.dat
[2009/12/06 19:32:29 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tamra\Desktop\RootRepeal.exe
[2009/12/06 19:22:26 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\dds.scr
[2009/12/06 16:47:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\HijackThis.lnk
[2009/12/05 19:35:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/29 20:27:15 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Tamra\NTUSER.DAT
[2009/11/29 19:14:09 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/11/29 19:14:07 | 00,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/29 19:14:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/29 19:09:12 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Tamra\ntuser.ini
[2009/11/29 19:06:50 | 00,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/29 19:06:50 | 00,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/29 19:06:45 | 00,445,630 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/29 18:55:46 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2009/11/29 15:10:59 | 00,004,100 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/29 14:36:37 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/29 14:27:01 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 09:18:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tamra\Ÿ;Ÿ;
[2009/11/25 03:01:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/06 19:33:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\settings.dat
[2009/12/06 19:24:18 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\dds.scr
[2009/12/06 16:47:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\HijackThis.lnk
[2009/11/29 18:55:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/11/29 14:27:01 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 09:18:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tamra\Ÿ;Ÿ;
[2009/10/27 19:12:07 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Tamra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/07 19:27:14 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Tamra\Local Settings\Application Data\fusioncache.dat
[2009/05/07 16:34:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/07 16:16:46 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/26 13:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 13:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/08 13:20:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 13:11:37 | 00,004,100 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/08 12:44:50 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2005/12/08 12:44:42 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 12:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 12:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 15:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/07/14 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/12/08 13:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/07/14 20:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/07 16:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/21 16:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Devon\Application Data\acccore
[2009/07/14 20:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tamra\Application Data\acccore
[2009/12/07 08:07:38 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/04 09:59:54 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/04 09:59:54 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



OTL logfile created on: 12/7/2009 8:33:27 AM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Tamra\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 81.91 Mb Available Physical Memory | 16.32% Memory free
1.20 Gb Paging File | 0.41 Gb Available in Paging File | 34.02% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 43.14 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Tamra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/07 08:30:33 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe
PRC - [2009/11/25 09:55:12 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/28 08:23:06 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:23:05 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 08:22:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/28 08:22:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/22 20:23:38 | 00,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/18 21:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 09:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/02 19:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/11/02 17:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/26 13:28:10 | 01,544,992 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2007/10/26 13:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/10/19 19:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 19:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/12/08 13:11:06 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/07/19 21:10:06 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/07/19 21:06:12 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/06/10 08:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/06/10 08:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/02/23 14:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/05 23:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/10/04 12:50:20 | 00,917,611 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2004/10/04 12:10:16 | 00,327,769 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2003/09/03 18:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe


========== Modules (SafeList) ==========

MOD - [2009/12/07 08:30:33 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 08:22:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 08:22:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/16 18:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/01/16 18:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/26 13:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/10/04 12:12:50 | 00,057,344 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2004/07/14 23:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\S-1-5-21-2042069852-704526321-2522811070-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\S-1-5-21-2042069852-704526321-2522811070-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: (358509 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12308 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2042069852-704526321-2522811070-1006\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241738732692 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454897414799360)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/07 08:27:28 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe
[2009/12/06 19:32:27 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tamra\Desktop\RootRepeal.exe
[2009/12/06 16:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/29 14:26:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/29 14:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/28 10:47:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/07 08:30:33 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamra\Desktop\OTL.exe
[2009/12/07 08:19:39 | 46,309,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/07 08:19:39 | 00,112,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/07 08:07:38 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/07 08:06:14 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/12/07 08:04:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/07 08:04:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/07 08:04:10 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/06 19:33:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\settings.dat
[2009/12/06 19:32:29 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tamra\Desktop\RootRepeal.exe
[2009/12/06 19:22:26 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\dds.scr
[2009/12/06 16:47:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\HijackThis.lnk
[2009/12/05 19:35:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/29 20:27:15 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Tamra\NTUSER.DAT
[2009/11/29 19:14:09 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/11/29 19:14:07 | 00,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/29 19:14:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/29 19:09:12 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Tamra\ntuser.ini
[2009/11/29 19:06:50 | 00,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/29 19:06:50 | 00,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/29 19:06:45 | 00,445,630 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/29 18:55:46 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2009/11/29 15:10:59 | 00,004,100 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/29 14:36:37 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/29 14:27:01 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tamra\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 09:18:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tamra\Ÿ;Ÿ;
[2009/11/25 03:01:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/06 19:33:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\settings.dat
[2009/12/06 19:24:18 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\dds.scr
[2009/12/06 16:47:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\HijackThis.lnk
[2009/11/29 18:55:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/11/29 14:27:01 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tamra\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 09:18:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tamra\Ÿ;Ÿ;
[2009/10/27 19:12:07 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Tamra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/07 19:27:14 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Tamra\Local Settings\Application Data\fusioncache.dat
[2009/05/07 16:34:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/07 16:16:46 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/26 13:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 13:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/08 13:20:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 13:11:37 | 00,004,100 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/08 12:44:50 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2005/12/08 12:44:42 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 12:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 12:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 15:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/07/14 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/12/08 13:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/07/14 20:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/07 16:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/21 16:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Devon\Application Data\acccore
[2009/07/14 20:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tamra\Application Data\acccore
[2009/12/07 08:07:38 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/04 09:59:54 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/04 09:59:54 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-07 13:14:42
Windows 5.1.2600 Service Pack 3
Running: tivcmq22.exe; Driver: C:\DOCUME~1\Tamra\LOCALS~1\Temp\fxddapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF89C0760]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A3DD42D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A3DD4560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A3DD46A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A3DD4450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A3DD4450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A3DD42D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A3DD4560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A3DD46A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A3DD42D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A3DD4450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A3DD46A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A3DD4560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A3DD46A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A3DD4560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A3DD42D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A3DD4450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A3DD42D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A3DD4560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A3DD46A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A3DD42D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A3DD4450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A3DD46A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A3DD4560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A3C4DD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82D49618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 07 December 2009 - 07:31 PM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 newport kirby

newport kirby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 08 December 2009 - 07:44 PM

Sam:

I may have replied incorrectly this morning so, to be safe, I'm trying again. Please disregard if this is redundant.

This is the TDSSKiller Run


Host Name: DESKTOP
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Kirby
Registered Organization:
Product ID: 76487-OEM-0011903-00825
Original Install Date: 5/7/2009, 4:23:28 PM
System Up Time: 0 Days, 22 Hours, 18 Minutes, 8 Seconds
System Manufacturer: Dell Inc.
System Model: Dell DV051
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 15 Model 4 Stepping 1 GenuineIntel ~2793 Mhz
BIOS Version: DELL - 7
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-08:00) Pacific Time (US & Canada)
Total Physical Memory: 502 MB
Available Physical Memory: 78 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,005 MB
Virtual Memory: In Use: 43 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\DESKTOP
Hotfix(s): 152 Hotfix(s) Installed.
[01]: EmeraldQFE2 - Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: Q147222
[70]: KB953295 - QFE
[71]: SP3 - SP
[72]: M953297 - Update
[73]: S867460 - Update
[74]: KB900325 - Update
[75]: Q954430
[76]: Q973688
[77]: KB952069_WM9
[78]: KB954155_WM9
[79]: KB968816_WM9
[80]: KB973540_WM9
[81]: KB936782_WMP10
[82]: EmeraldQFE2 - Update
[83]: KB923689
[84]: KB941569
[85]: KB936929 - Service Pack
[86]: KB953295 - Update
[87]: KB923561 - Update
[88]: KB938464-v2 - Update
[89]: KB946648 - Update
[90]: KB950760 - Update
[91]: KB950762 - Update
[92]: KB950974 - Update
[93]: KB951066 - Update
[94]: KB951376-v2 - Update
[95]: KB951748 - Update
[96]: KB951978 - Update
[97]: KB952004 - Update
[98]: KB952287 - Update
[99]: KB952954 - Update
[100]: KB954459 - Update
[101]: KB954600 - Update
[102]: KB955069 - Update
[103]: KB955839 - Update
[104]: KB956572 - Update
[105]: KB956744 - Update
[106]: KB956802 - Update
[107]: KB956803 - Update
[108]: KB956844 - Update
[109]: KB957097 - Update
[110]: KB958644 - Update
[111]: KB958687 - Update
[112]: KB958690 - Update
[113]: KB958869 - Update
[114]: KB959426 - Update
[115]: KB960225 - Update
[116]: KB960715 - Update
[117]: KB960803 - Update
[118]: KB960859 - Update
[119]: KB961371 - Update
[120]: KB961373 - Update
[121]: KB961501 - Update
[122]: KB963027 - Update
[123]: KB967715 - Update
[124]: KB968389 - Update
[125]: KB968537 - Update
[126]: KB969059 - Update
[127]: KB969897 - Update
[128]: KB969898 - Update
[129]: KB969947 - Update
[130]: KB970238 - Update
[131]: KB970653-v3 - Update
[132]: KB971486 - Update
[133]: KB971557 - Update
[134]: KB971633 - Update
[135]: KB971657 - Update
[136]: KB971961 - Update
[137]: KB972260 - Update
[138]: KB973346 - Update
[139]: KB973354 - Update
[140]: KB973507 - Update
[141]: KB973525 - Update
[142]: KB973687 - Update
[143]: KB973815 - Update
[144]: KB973869 - Update
[145]: KB974112 - Update
[146]: KB974455 - Update
[147]: KB974571 - Update
[148]: KB975025 - Update
[149]: KB975467 - Update
[150]: KB976098-v2 - Update
[151]: KB976749 - Update
[152]: KB835221WXP - Update
NetWork Card(s): 3 NIC(s) Installed.
[01]: Intel® PRO/100 VE Network Connection
Connection Name: Local Area Connection
Status: Media disconnected
[02]: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter
Connection Name: Wireless Network Connection 2
DHCP Enabled: No
IP address(es)
[01]: 192.168.1.4
[03]: Cisco Systems VPN Adapter
Connection Name: Local Area Connection 2
DHCP Enabled: No
IP address(es)
[01]: 172.16.1.14
6:22:1:736 900 ForceUnloadDriver: NtUnloadDriver error 2
6:22:1:736 900 ForceUnloadDriver: NtUnloadDriver error 2
6:22:1:736 900 ForceUnloadDriver: NtUnloadDriver error 2
6:22:1:736 900 main: Driver KLMD successfully dropped
6:22:1:767 900 main: Driver KLMD successfully loaded
6:22:1:767 900
Scanning Registry ...
6:22:1:767 900 ScanServices: Searching service UACd.sys
6:22:1:767 900 ScanServices: Open/Create key error 2
6:22:1:767 900 ScanServices: Searching service TDSSserv.sys
6:22:1:767 900 ScanServices: Open/Create key error 2
6:22:1:767 900 ScanServices: Searching service gaopdxserv.sys
6:22:1:767 900 ScanServices: Open/Create key error 2
6:22:1:767 900 ScanServices: Searching service gxvxcserv.sys
6:22:1:767 900 ScanServices: Open/Create key error 2
6:22:1:767 900 ScanServices: Searching service MSIVXserv.sys
6:22:1:767 900 ScanServices: Open/Create key error 2
6:22:1:767 900 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
6:22:1:767 900 UnhookRegistry: Kernel local addr: E40000
6:22:1:767 900 UnhookRegistry: KeServiceDescriptorTable addr: EC5700
6:22:1:767 900 UnhookRegistry: KiServiceTable addr: E6D460
6:22:1:767 900 UnhookRegistry: NtEnumerateKey service number (local): 47
6:22:1:767 900 UnhookRegistry: NtEnumerateKey local addr: F8CFF2
6:22:1:783 900 KLMD_OpenDevice: Trying to open KLMD device
6:22:1:783 900 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
6:22:1:783 900 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
6:22:1:783 900 UnhookRegistry: NtEnumerateKey service number (kernel): 47
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
6:22:1:783 900 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
6:22:1:783 900 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
6:22:1:783 900 UnhookRegistry: No SDT hooks found on NtEnumerateKey
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
6:22:1:783 900 UnhookRegistry: No splicing found on NtEnumerateKey
6:22:1:783 900
Scanning Kernel memory ...
6:22:1:783 900 KLMD_OpenDevice: Trying to open KLMD device
6:22:1:783 900 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
6:22:1:783 900 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
6:22:1:783 900 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82D779D0
6:22:1:783 900 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
6:22:1:783 900 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 82C765E8
6:22:1:783 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82C765E8
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0x82C765E8[0x38]
6:22:1:783 900 DetectCureTDL3: DRIVER_OBJECT addr: 82D779D0
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0x82D779D0[0xA8]
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0xE16FDE90[0x208]
6:22:1:783 900 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
6:22:1:783 900 DetectCureTDL3: IrpHandler (0) addr: F863BBB0
6:22:1:783 900 DetectCureTDL3: IrpHandler (1) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (2) addr: F863BBB0
6:22:1:783 900 DetectCureTDL3: IrpHandler (3) addr: F8635D1F
6:22:1:783 900 DetectCureTDL3: IrpHandler (4) addr: F8635D1F
6:22:1:783 900 DetectCureTDL3: IrpHandler (5) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (6) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (7) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (8) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (9) addr: F86362E2
6:22:1:783 900 DetectCureTDL3: IrpHandler (10) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (11) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (12) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (13) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (14) addr: F86363BB
6:22:1:783 900 DetectCureTDL3: IrpHandler (15) addr: F8639F28
6:22:1:783 900 DetectCureTDL3: IrpHandler (16) addr: F86362E2
6:22:1:783 900 DetectCureTDL3: IrpHandler (17) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (18) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (19) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (20) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (21) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (22) addr: F8637C82
6:22:1:783 900 DetectCureTDL3: IrpHandler (23) addr: F863C99E
6:22:1:783 900 DetectCureTDL3: IrpHandler (24) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (25) addr: 804F4562
6:22:1:783 900 DetectCureTDL3: IrpHandler (26) addr: 804F4562
6:22:1:783 900 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
6:22:1:783 900 KLMD_ReadMem: DeviceIoControl error 1
6:22:1:783 900 TDL3_StartIoHookDetect: Unable to get StartIo handler code
6:22:1:783 900 TDL3_FileDetect: Processing driver: Disk
6:22:1:783 900 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
6:22:1:783 900 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
6:22:1:783 900 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
6:22:1:829 900 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82C73580
6:22:1:829 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82C73580
6:22:1:829 900 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82914AD8
6:22:1:829 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82914AD8
6:22:1:829 900 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82721EA0
6:22:1:829 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82721EA0
6:22:1:829 900 KLMD_ReadMem: Trying to ReadMemory 0x82721EA0[0x38]
6:22:1:829 900 DetectCureTDL3: DRIVER_OBJECT addr: 82405DA0
6:22:1:829 900 KLMD_ReadMem: Trying to ReadMemory 0x82405DA0[0xA8]
6:22:1:829 900 KLMD_ReadMem: Trying to ReadMemory 0xE1B58430[0x208]
6:22:1:829 900 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
6:22:1:829 900 DetectCureTDL3: IrpHandler (0) addr: F2D84218
6:22:1:829 900 DetectCureTDL3: IrpHandler (1) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (2) addr: F2D84218
6:22:1:829 900 DetectCureTDL3: IrpHandler (3) addr: F2D8423C
6:22:1:829 900 DetectCureTDL3: IrpHandler (4) addr: F2D8423C
6:22:1:829 900 DetectCureTDL3: IrpHandler (5) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (6) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (7) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (8) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (9) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (10) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (11) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (12) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (13) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (14) addr: F2D84180
6:22:1:829 900 DetectCureTDL3: IrpHandler (15) addr: F2D7F9E6
6:22:1:829 900 DetectCureTDL3: IrpHandler (16) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (17) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (18) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (19) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (20) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (21) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (22) addr: F2D835F0
6:22:1:829 900 DetectCureTDL3: IrpHandler (23) addr: F2D81A6E
6:22:1:829 900 DetectCureTDL3: IrpHandler (24) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (25) addr: 804F4562
6:22:1:829 900 DetectCureTDL3: IrpHandler (26) addr: 804F4562
6:22:1:829 900 KLMD_ReadMem: Trying to ReadMemory 0xF2D80F26[0x400]
6:22:1:829 900 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
6:22:1:829 900 TDL3_FileDetect: Processing driver: USBSTOR
6:22:1:829 900 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
6:22:1:829 900 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
6:22:1:829 900 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
6:22:1:861 900 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82D758A0
6:22:1:861 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D758A0
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D758A0[0x38]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT addr: 82D779D0
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D779D0[0xA8]
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0xE16FDE90[0x208]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
6:22:1:861 900 DetectCureTDL3: IrpHandler (0) addr: F863BBB0
6:22:1:861 900 DetectCureTDL3: IrpHandler (1) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (2) addr: F863BBB0
6:22:1:861 900 DetectCureTDL3: IrpHandler (3) addr: F8635D1F
6:22:1:861 900 DetectCureTDL3: IrpHandler (4) addr: F8635D1F
6:22:1:861 900 DetectCureTDL3: IrpHandler (5) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (6) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (7) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (8) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (9) addr: F86362E2
6:22:1:861 900 DetectCureTDL3: IrpHandler (10) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (11) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (12) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (13) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (14) addr: F86363BB
6:22:1:861 900 DetectCureTDL3: IrpHandler (15) addr: F8639F28
6:22:1:861 900 DetectCureTDL3: IrpHandler (16) addr: F86362E2
6:22:1:861 900 DetectCureTDL3: IrpHandler (17) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (18) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (19) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (20) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (21) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (22) addr: F8637C82
6:22:1:861 900 DetectCureTDL3: IrpHandler (23) addr: F863C99E
6:22:1:861 900 DetectCureTDL3: IrpHandler (24) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (25) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (26) addr: 804F4562
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
6:22:1:861 900 KLMD_ReadMem: DeviceIoControl error 1
6:22:1:861 900 TDL3_StartIoHookDetect: Unable to get StartIo handler code
6:22:1:861 900 TDL3_FileDetect: Processing driver: Disk
6:22:1:861 900 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
6:22:1:861 900 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
6:22:1:861 900 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
6:22:1:861 900 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82D75C68
6:22:1:861 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D75C68
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D75C68[0x38]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT addr: 82D779D0
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D779D0[0xA8]
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0xE16FDE90[0x208]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
6:22:1:861 900 DetectCureTDL3: IrpHandler (0) addr: F863BBB0
6:22:1:861 900 DetectCureTDL3: IrpHandler (1) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (2) addr: F863BBB0
6:22:1:861 900 DetectCureTDL3: IrpHandler (3) addr: F8635D1F
6:22:1:861 900 DetectCureTDL3: IrpHandler (4) addr: F8635D1F
6:22:1:861 900 DetectCureTDL3: IrpHandler (5) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (6) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (7) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (8) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (9) addr: F86362E2
6:22:1:861 900 DetectCureTDL3: IrpHandler (10) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (11) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (12) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (13) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (14) addr: F86363BB
6:22:1:861 900 DetectCureTDL3: IrpHandler (15) addr: F8639F28
6:22:1:861 900 DetectCureTDL3: IrpHandler (16) addr: F86362E2
6:22:1:861 900 DetectCureTDL3: IrpHandler (17) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (18) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (19) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (20) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (21) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (22) addr: F8637C82
6:22:1:861 900 DetectCureTDL3: IrpHandler (23) addr: F863C99E
6:22:1:861 900 DetectCureTDL3: IrpHandler (24) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (25) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (26) addr: 804F4562
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
6:22:1:861 900 KLMD_ReadMem: DeviceIoControl error 1
6:22:1:861 900 TDL3_StartIoHookDetect: Unable to get StartIo handler code
6:22:1:861 900 TDL3_FileDetect: Processing driver: Disk
6:22:1:861 900 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
6:22:1:861 900 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
6:22:1:861 900 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
6:22:1:861 900 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 82D75030
6:22:1:861 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D75030
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D75030[0x38]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT addr: 82D779D0
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D779D0[0xA8]
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0xE16FDE90[0x208]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
6:22:1:861 900 DetectCureTDL3: IrpHandler (0) addr: F863BBB0
6:22:1:861 900 DetectCureTDL3: IrpHandler (1) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (2) addr: F863BBB0
6:22:1:861 900 DetectCureTDL3: IrpHandler (3) addr: F8635D1F
6:22:1:861 900 DetectCureTDL3: IrpHandler (4) addr: F8635D1F
6:22:1:861 900 DetectCureTDL3: IrpHandler (5) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (6) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (7) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (8) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (9) addr: F86362E2
6:22:1:861 900 DetectCureTDL3: IrpHandler (10) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (11) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (12) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (13) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (14) addr: F86363BB
6:22:1:861 900 DetectCureTDL3: IrpHandler (15) addr: F8639F28
6:22:1:861 900 DetectCureTDL3: IrpHandler (16) addr: F86362E2
6:22:1:861 900 DetectCureTDL3: IrpHandler (17) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (18) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (19) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (20) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (21) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (22) addr: F8637C82
6:22:1:861 900 DetectCureTDL3: IrpHandler (23) addr: F863C99E
6:22:1:861 900 DetectCureTDL3: IrpHandler (24) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (25) addr: 804F4562
6:22:1:861 900 DetectCureTDL3: IrpHandler (26) addr: 804F4562
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
6:22:1:861 900 KLMD_ReadMem: DeviceIoControl error 1
6:22:1:861 900 TDL3_StartIoHookDetect: Unable to get StartIo handler code
6:22:1:861 900 TDL3_FileDetect: Processing driver: Disk
6:22:1:861 900 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
6:22:1:861 900 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
6:22:1:861 900 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
6:22:1:861 900 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82D77360
6:22:1:861 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D77360
6:22:1:861 900 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 82DDF030
6:22:1:861 900 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82DDF030
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82DDF030[0x38]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT addr: 82DD8CB8
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82DD8CB8[0xA8]
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82DDD030[0x38]
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D84B30[0xA8]
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0xE169C040[0x208]
6:22:1:861 900 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
6:22:1:861 900 DetectCureTDL3: IrpHandler (0) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (1) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (2) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (3) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (4) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (5) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (6) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (7) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (8) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (9) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (10) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (11) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (12) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (13) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (14) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (15) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (16) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (17) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (18) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (19) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (20) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (21) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (22) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (23) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (24) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (25) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: IrpHandler (26) addr: 82D49618
6:22:1:861 900 DetectCureTDL3: All IRP handlers pointed to one addr: 82D49618
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D49618[0x400]
6:22:1:861 900 TDL3_IrpHookDetect: TDL3 is already cured
6:22:1:861 900 KLMD_ReadMem: Trying to ReadMemory 0x82D494BF[0x400]
6:22:1:861 900 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 0
6:22:1:861 900 TDL3_FileDetect: Processing driver: atapi
6:22:1:861 900 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\tsk_atapi.sys, C:\WINDOWS\system32\Drivers\tsk_tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_tsk_atapi.sys
6:22:1:861 900 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\tsk_atapi.sys
6:22:1:861 900 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\tsk_atapi.sys
6:22:1:923 900
Completed

Results:
6:22:1:923 900 Infected objects in memory: 0
6:22:1:923 900 Cured objects in memory: 0
6:22:1:923 900 Infected objects on disk: 0
6:22:1:923 900 Objects on disk cured on reboot: 0
6:22:1:923 900 Objects on disk deleted on reboot: 0
6:22:1:923 900 Registry nodes deleted on reboot: 0
6:22:1:923 900

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 09 December 2009 - 08:56 AM

We need to run Combofix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 newport kirby

newport kirby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 12 December 2009 - 06:49 PM

Sam:

I may have messed up.

I disabled AVG and thought I had done the same with Spybot but when ComboFix finished and produced its log I got a series of requests (+/- 10) from spybot requesting approval or denial of system changes. I denied them all, however, now I'm thinking that I should have accepted them all.

Also, I had trouble getting ComboFix to run. Originally I tried to save it from link2 and then run it, however, when I ran it I got an error message that said "You cannot rename ComboFix as ComboFix [1]; please use another name, preferably made up of alphanumeric characters". I then tried, unsuccessfully, running and not saving all three links. Then I saved link3 successfully and was able to run from that. It successfully installed the Recovery Console.

My apologies in advance for not knowing what to do with the Spybot prompts.

The ComboFix log is attached.

ComboFix 09-12-11.05 - Tamra 12/12/2009 15:11:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.133 [GMT -8:00]
Running from: c:\documents and settings\Tamra\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\program files\Shared\lib.sig

.
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-11 17:11 . 2009-11-25 17:55 2063640 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-11 17:11 . 2009-11-25 17:55 3514648 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-12-11 17:11 . 2009-11-25 17:55 2029336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-12-08 14:16 . 2009-12-08 14:16 96512 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys
2009-12-07 00:47 . 2009-12-07 00:47 -------- d-----w- c:\program files\Trend Micro
2009-11-29 22:26 . 2009-11-30 04:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 22:26 . 2009-11-30 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 18:13 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-30 04:29 . 2005-12-08 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-11-30 04:28 . 2005-12-08 21:10 -------- d-----w- c:\program files\Common Files\AOL
2009-11-30 04:28 . 2009-10-28 02:10 -------- d-----w- c:\program files\AVS4YOU
2009-11-30 04:27 . 2005-08-17 02:54 -------- d-----w- c:\program files\GemMaster
2009-11-30 04:27 . 2009-10-28 02:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-30 03:47 . 2009-10-28 02:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-06 16:24 . 2009-05-08 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-03 04:42 . 2009-10-02 22:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 05:38 . 2005-08-16 10:18 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 02:12 . 2009-10-28 02:12 -------- d-----w- c:\documents and settings\Tamra\Application Data\AVS4YOU
2009-10-28 02:11 . 2009-10-28 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:37 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[7] 2009-12-07 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2009-12-07 18:13 . 1CA9E42F9D762DD8E81A58EF99270920 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-08 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2009-5-9 6144]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2005-12-8 917611]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/7/2009 4:03 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/7/2009 4:03 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2009 8:16 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 4:03 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/14/2009 8:19 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [12/8/2005 1:04 PM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {53D1217A-D74C-46FC-A22D-D9E94109AB99} = 192.168.1.3
TCP: {66E7E510-C2CF-4307-906F-D20F881CC88F} = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OE_OEM - c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1672)
c:\windows\system32\PRISMAPI.dll
.
Completion time: 2009-12-12 15:24:29
ComboFix-quarantined-files.txt 2009-12-12 23:24

Pre-Run: 46,075,604,992 bytes free
Post-Run: 47,265,644,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F5ED66262B5D34DC5D9522FD795DB7B0

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 13 December 2009 - 11:02 AM

No problem, you did just fine. :(
If you get those Spybot prompts again after running Combofix, allow the changes.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 newport kirby

newport kirby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 13 December 2009 - 03:04 PM

Sam:

I followed your instructions and everything went fine until about five minutes into the combofix I got the dreaded blue screen of death. I rebooted the computer and accepted all spybot changes, however, ComboFix is now missing off the desktop.

I wanted to check with you before redownloading ComboFix and trying again.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 14 December 2009 - 07:32 AM

Before trying Combofix again, how is your computer behaving? Are you still having the same issues?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 newport kirby

newport kirby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 14 December 2009 - 11:30 AM

The issues I contacted you about are gone. The computer appears to be working well.

Do you have a suggestion of any software I should add (or delete) to help prevent this in the future?

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 14 December 2009 - 08:46 PM

Excellent! :(

One recommendation I have for you is to replace AVG with Avast. It does a better job detecting these rootkit infections it seems.
Another good program to have and run periodically is Malwarebytes.

Here are just a few last steps and then some final recommendations for you.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===================


It's time to clean up.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 newport kirby

newport kirby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 16 December 2009 - 11:14 PM

Sam:

I'm starting to see the light at the end of the tunnel, however, a new snag. I went through your checklist as follows:

Successfully downloaded JavaRa

Successfully cleaned up using OTL

Successfully disabled and enabled System Restore

The snag occured when I was trying to remove AVG and replace it with AVAST. First I got a window which had two areas to checkmark. One asking if "I wanted to remove user settings" and the other said "including objects in the virus vault". I left those two options unchecked and proceeded forward. As the uninstall occured I then received the following error message:

Uninstall failed
1 error occured
Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows : creating registry key . . . .
Error 0x80070005

I tried again and got the same error message. I then went through the process again and checked the two options discussed above and still got the same error message.

I then went into the garage and got a hammer to knock some sense into the machine, but then, thinking about it, I thought pinging you was a better option.

Thanks in advance for your able assistance.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 17 December 2009 - 08:52 AM

Download the AVG removal tool from here and run it.
http://www.avg.com/us-en/download-tools

It should clean it all up for you.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:30 PM

Posted 26 December 2009 - 08:16 PM

Now that your problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users